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(57) Abstract: A method for generating digital postage stamps (700) whmin a data center (40) receives a request from a PC (20) 
for a selected number of digital postage stamps (700), concludes a payment transaction for -the selected number of digital postage 
stamps (700), generates a digital book (500, 600) of postage suux^s, which the PC (20) downloads to its hard drive. The digital book 
(500, 600) of postage stamps includes a read-only software module (510) that prints each digital postage stamp (700) using stamp 
related informatioo contained within the software module (510). The stamp related information includes stamp information, user 
information, which identifies the requestor and the PC (20), data center (40) server information, and a digital signatuie (550) of at 
least some of the user, stamp and/or server information. Before printing a digital postage stamp (700), software module (5 10) verifies 
that the signature (550) of the PC (20) is identical to the PC signature diat was stored in the software module (5 10) when the software 
module (5 10) was configured at the data center (40) server. If verified, the software module (5 10) generates the digital postage stamp 
(700) using the stamp, user and server data associated widi die digital postage stamp (7(X)) and then initiates the printiog of the digital 
postage stamp (700) on a printer (22) coiq>led to the PC (20). Hie software module (510) renders the stamp, user and server data 
associated with the digital postage stamp (700) being printed unusable for subsequent generations of digital postage stamps (700). 
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Field of the Invention 

The invention disclosed herein relates generally to systems and methods for 
evidencing postage payment, and more particularly to systems and methods for 
5 evidencing postage payment using a personal computer. 

Background of the Invention 

Postage metering systems have been developed which employ encrypted 
information that is printed on a mailpiece as part of an indicium evidencing postage 
payment. The encrypted Infomiation includes a postage value for the mailpiece 

10 combined with other postal data that relate to the mailpiece and the postage meter 
printing the indicium. The encrypted infomiation, typically referred to as a digital 
token or a digital signature, authenticates and protects the integrity of infomiation, 
including the postage value, imprinted on the mailpiece for later verification of 
postage payment. Since the digital token incorporates encrypted information relating 

15 to the evidencing of postage payment, altering the printed information in an indicium 
is detectable by standard verification procedures. Examples of systems that 
generate and print such indicium are described in U.S. Patent Numbers 4,725,718. 
4,757,537. 4,775,246 and 4.873,645, each assigned to the assignee of the present 
invention. 

20 Presently, there are two postage metering device types: closed system and 

open system. In a closed system, the system functionality is solely dedicated to 
metering activity. Examples of closed system metering devices, also referred to as 
postage evidencing devices, include conventional digital and analog (mechanical 
and electronic) postage meters wherein a dedicated printer is securely coupled to a 

25 metering or accounting function. Typically, in a closed system, the printer is securely 
coupled and dedicated to the meter, and printing evidence of postage cannot take 
place without accounting for the evidence of postage. In an open system, the printer 
is not dedicated to the metering activity, freeing system functionality for multiple and 
diverse uses in addition to the metering activity. Examples of open system metering 

30 devices include personal computer (PC) based devices with single/multi-tasking 
operating systems, multi-user applications and digital printers. An open system 
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metering device is a postage evidencing device with a non-dedicated printer that is 
not securely coupled to a secure accounting module. An open system indicium 
printed by the non-dedicated printer is made secure by including addressee 
information in the encrypted evidence of postage printed on the mailpiece for 
5 subsequent verification. See U.S. Patent Numbers 4.725,718 and 4.831,555. each 
assigned to the assignee of the present invention. 

Recently, the United States Postal Service ("USPS") has approved personal 
computer (PC) postage metering systems as part of the USPS Information-Based 
Indicia Program ("IBIP"). The IBIP is a distributed trusted system which is a PC 
10 based metering system that is meant to augment existing postage meters using new 
evidence of postage payment known as infomiation-based indicia. The program 
relies on digital signature techniques to produce for each mailpiece an indicium 
whose origin can be authenticated arid content cannot be modified. The IBIP 
requires printing a large, high density, two-dtmensional ("2-D") bar code on a 
15 mailpiece. The 2-D bar code, which encodes information, is signed with a digital 
signature. A description of the IBIP PERFORMANCE CRITERIA FOR 
INFORMATION-BASED INDICIA AND SECURITY ARCHITECTURE FOR OPEN IBI 
POSTAGE METERING SYSTEMS (PCIBI-0). a published draft specification dated 
April 26, 1999, which is refen^ed to herein as the "IBIP Specification". The IBIP 
20 Specification defines the proposed requirements for a new indicium that will be 
applied to mail being created using IBIP, defines the proposed requirements for a 
Postal Security Device ("PSD"), which is a secure processor-based accounting 
device that is couple to a personal computer to dispense and account for postal 
value stored therein to support the creation of a new "infomnation-based" postage 
25 postmark or indicium that will be applied to mail being processed using IBIP. and 
defines the proposed requirements for a host system element (personal computer) of 



The IBIP Specification defines a stand-alone open metering system, referred 
to herein as a PC Meter, comprising a PSD coupled to a PC, which operates as a 
30 host system with a printer coupled thereto. The PC runs the metering application 
software and associated libraries and communicates with the attached PSD. The 



the PC. Meter processing is perfomned locally between the PC and the PSD coupled 
thereto. Connections to a Data Center, for example for registration and refill 

2 



IBIP. 



PC Meter processes transactions for dispensing postage, registration and refill on 
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transactions, are made locally from the PC through a local or network 
modem/internet connection. Accounting for debits and credits to the PSD is also 
performed locally, logging the transactions on the PC. Several application programs 
running on the PC, such as a word processor or an envelope designer, may access 
5 the metering application software. At the present time, the USPS has approved for 
one PC Meter product E-Stamp® Internet Postage which is distributed by E-Stamp 
Corporation of Houston, Texas. Other PC meter products are currently in beta test 
with the USPS. 

The USPS has approved an alternative version of the PC Meter in which the 
10 PSD function is perfomied at a server that is remote from the PC and accessible 
through the Internet. This altemative version, which is referred to herein as a "virtual 
meter", is a network metering system, has many client PCs without any PSDs 
coupled thereto. The client PCs run application software for requesting and 
fonnatting postage indicia, but all PSD functions are performed on server(s) located 
15 at a Data Center. The PSD functions at the Data Center may be performed in a 
secure device attached to a computer at the Data Center, or may be perfomied in 
the Data Center computer itself. The client PCs must connect with the Data Center 
to process transactions such as postage dispensing, meter registration, or nieter 
refills. Transactions are requested by the client PC and sent to the Data Center for 
20 remote processing. The transactions are processed at the Data Center and the 
results are returned to the client PC. Accounting for funds and transaction 
processing are centralized at the Data Center. See, for example, U.S. Patent 
Numbers 5,454,038 and 4,873,645. which are assigned to the assignee of the 
present invention. 

25 The virtual meter does not conform to all the current requirements of the IBIP 

Specifications. In particular, the IBIP Specifications do not pennit PSD functions to 
be performed at the Data Center. However, it is understood that a virtual meter 
configuration with each mailer's PSD located at the Data Center may provide an 
equivalent level of security as required by the IBIP Specifications. 

30 in conventional closed system mechanical and electronic postage meters, a 

secure link is required between printing and accounting functions. For postage 
meters configured with printing and accounting functions perfomied in a single, 
secure box, the integrity of the secure box is monitored by periodic inspections of the 
meters. More recently, digital printing postage meters typically include a digital 

3 
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printer coupled to sffletering (accounting) device, which is ^^rred to herein as a 
postal security device (PSD). Digital printing postage meters have removed the 
need for physical inspection by cryptographically securing the link between the 
accounting and printing mechanisms. In essence, new digital printing postage 

5 meters create a secure point-to-point communication link between the PSD and print 
head. See, for example, U.S. Patent Number 4,802,218, issued to Christopher B. 
Wright et al. and now assigned to the assignee of the present invention. An example 
of a digital printing postage meter with secure print head communication is the 
Personal Post Office'*' manufactured by Pitney Bowes Inc. of Stamford, Connecticut. 

10 Although the IBIP provides a viable system and method for printing postage 

on a PC, there are requirements inherent in the IBIP that limit the desirability for use 
by small office home office users whose use of the PC metering may not include 
mailing in a volume sufficient to warrant costs above and beyond the costs of stamps 
purchase from the Post Office. For example, non-business users may balk at the 

15 additional cost associated with requiring the rental of a PSD or the administrative 
cost for maintaining an account at a Data Center. For the virtual meter, in addition to 
the cost, non-business users may balk at the need to connect to the Internet every 
time postage is needed. 

At the present, the IBIP includes sampling verification, which is not a reliable 

20 method for detecting fraud. A more robust verification system must be implemented. 
A key component of any verification system for the IBIP is verification that addressee 
information contained in the 2-D bar code of the Indicium is matched to addressee 
infomriation contained In the addressee block of the mailpiece or in the postnet bar 
code on the mailpiece. It is not clear at this time how soon a reliable verification 

25 system will be in place to verify the volume of mailpieces that are produced by an 
IBIP PC meter. This problem is accentuated by the fact that IBIP verification of open 
system indicia, which includes verifying correct addressee infomriation is in the 
indicia, must take place at the same time that verification of closed system indicia, 
which does not have addressee information in the indicia, is also being performed. 

30 The total verification process is even more complicated considering that there are 
different indicia created by traditional flatbed (i.e. non-digital) printer meters and 
digital printer meters. 
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Summary of the Invention 



The present invention provides an alternative to the IBIP scheme for PC 
postage, it has been found that a digital "book of stamps" can be purchased 
electronically over the Internet. The digital book of stamps a self-executing software 
5 module that is configured to run only on one PC. The user purchases digital postage 
over the Internet in a manner comparable to purchasing a book of stamps from the 
post office. The digital postage can be for one or more denominations. Each digital 
postage stamp that is printed on a mailpiece is verifiable and can be identified as 
being printed by a particular software module that has been run on a particular PC. 

10 In the present invention, a digital postage stamp does not include any addressee 
information. Therefore, any digital postage stamp can be used as postage payment 
evidence on any mailpiece. i.e., just as a conventional postage stamp. 

In accordance with the present invention, verifiable digital postage may be 
printed by non-dedicated printer coupled to a PC wherein such digital postage does 

15 not include addressee infonnation. Thus, purchasing postage value over, for 
example, the internet, is akin to purchasing a book of stamps at the Post Office. 
Unlike the infonnation-based indicium that requires addressee information, the 
present invention provides that each digital stamp printed by the PC can be used on 
any mailpiece. It has been found, however, that some fomri of encoded addressee 

20 information may be printed with the digital postage stamp to improve the verification 
process, but this does not restrict a particular digital postage stamp to a particular 
mailpiece. 

A first embodiment provides a system and method for purchasing a book of 
digital stamps of fixed denomination over the Internet. The book of digital stamps 

25 comprises a software module that runs only on the PC from which the request for 
postage originates and to which the book of stamps is downloaded. The book of 
stamps is a software module that is created at the data center server for generating 
digital stamps only in the PC that initiated the purchase of the book of stamps. The 
software module comprises stamp data needed to generate each stamp, and 

30 algorithms for generating each of the digital stamps from the stamp data. Once all of 
the digital stamps have been printed, the stamp software module preferably 
uninstalls itself automatically after notifying the user that the book of stamps is 
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empty. For purposes of security and control, the book of stamps can be 
programmed with a time limit for using the stamps. 

In an alternative embodiment, the data center server generates the bitmap of 
the each stamp in the book of stamps and the bitmaps of the stamps are included 
5 with the software module, which further comprises algorithms for printing the stamps. 

In yet another embodiment, the user purchases a book of stamps of no 
predetermined denomination, i.e. a total value of postage. The digital stamp 
software module then includes a user interface whereby the user selects the 
denomination for each stamp to be printed up to the unused amount of the book of 
10 stamps. 

In accordance with the present invention, the data center is not required to 
maintain a user account for the prepayment or post-payment of postage value. 
Digital postage stamps are purchase over the Internet through conventional Internet 
transaction methods, such as by credit card. Thus, the present invention provides a 

15 method of purchasing digital postage stamps over the Internet in the same manner 
as one would purchase a book of stamps at the Post Office, it will be understood 
that under the present invention, the user may have more than one book of stamps 
stored on the PC. For example, the user may have a book of 33 cent digital stamps 
and a book of twenty cent digital stamps. 

20 In accordance with the preferred embodiment of the present invention, a 

method for generating digital postage stamps provides a data center receiving a 
request from a PC for a selected number of digital postage stamps, concluding a 
payment transaction for the selected number of digital postage stamps, and 
generating a digital book of postage stamps, which the PC downloads to its hard 

25 drive. The digital book of postage stamps includes a read-only software module that 
generates and prints each digital postage stamp using stamp related information 
contained within the software module. The stamp related information includes stamp 
infomnation that is required for each postage stamp, user information that identifies 
the requestor and the PC, data center server information that Is unique to each 

30 digital postage stamp and a digital signature of at least some of the user, stamp 
and/or server information. Before printing a digital postage stamp, the software 
module on the PC verifies that the signature of the PC is identical to the PC 
signature that was stored in the software module when the software module was 
configured at the data center server. If verified, the software module generates the 
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digital postage stai^Wsing the stamp, user and server da^^ssociated with the 
digital postage stamp and then initiates the printing of the digital postage stamp on a 
printer coupled to the PC. The software module renders the stamp, user and server 
data associated with the digital postage stamp being printed unusable for 
5 subsequent generations of digital postage stamps. When all stamps of the book of 
stamps have been printed, the software module uninstalls Itself. 



Description of the Drawings 

The accompanying drawings, which are incorporated in and constitute a part 
of the specification, illustrate presently preferred embodiments of the invention, and 
10 together with the general description given above and the detailed description of the 
preferred embodiments given below, serve to explain the principles of the invention. 
As shown throughout the drawings, like reference numerals designate like or 
corresponding parts. 

Fig. 1 is a block diagram of a postage metering system in accordance with the 
15 present invention; 

Fig. 2 is a flow chart of the preferred embodiment of a data center process for 
responding to a request from a PC for a software module containing a digital book of 
postage stamps in the postage metering system of Fig. 1; 

Fig. 3 is a flow chart of a PC requesting, obtaining and printing one of the 
20 stamps in the digital book of postage stamps generated in Fig. 2; 

Fig. 4 is a flow chart of the preferred embodiment of the PC generatirig a 
digital postage stamp from the digital book of postage stamps; 

Fig. 5 is a block diagram representative of a digital book of postage stamps; 
Fig. 6 is a block diagram representative of an alternative to the digital book of 
25 postage stamps of Fig. 5; and 

Fig. 7 is representation of a digital postage stamp. 

Detailed Description of the Present Invention 

In describing the present invention, reference is made to the drawings, 
wherein there is seen in Fig. 1 a block diagram of a postage metering system, 
30 generally designated 10, which is representative of a system in which the present 
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invention is implemented. Postage metering system 10 includes a plurality of 
personal computers (PC) 20 (only one is shown) that are communicatively 
connected to a server 42 at a remote Data Center 40. It will be understood that PCs 
20 may be connected to server 42 using various conventional methods, such as 

5 through a local or network modem/internet connection. PC 20 has a printer 22 
connected thereto for printing postage revenue block 1 on a mailpiece 5. Server 42 
has access to a database 44, which includes information needed to Data Center 40 
to distribute digital books of postage stamps in the manner described below. Finally, 
Postage metering system 10 includes a verification subsystem 60 that is used to 

10 verify a subset or all of the mailpieces 5 on which a digital postage stamp is printed 
as evidence of postage payment. 

Referring now to Fig. 2, a data center process is shown for responding to a 
request from a PC a software module containing a digital book of postage stamps. 
At step 200, the data center receives a request from a PC for a selected number of 

15 digital postage stamps. The request includes user data, such as PC signature 
(described below) and an identification number, which is obtained during a one-time 
registration for the purchase of stamps over the Internet. The request also includes 
stamp data, such as origin zip code of the PC, denomination of the postage stamps 
and date of the request At step 210, a payment transaction for the selected number 

20 of digital postage stamps is concluded. The payment transaction preferably is a 
credit card transaction, but may be a pre-established credit/debit account as used 
with conventional postage meters. At step 220, the server in the data center 
generates a digital book of postage stamps comprising a read-only software module 
that prints each digital postage stamp of the digital book of postage stamps using 

25 stamp related information contained within the software module. The stamp related 
information includes the user data and stamp data that was received with the request 
from the PC. and further includes sen/er data, such as identification of the server 
generating the digital book of stamps, status of the server and a number 
corresponding to a sequential number of digital postage stamps generated by the 

30 server. The stamp related infomiation further includes a digital signature of at least 
some of the user, stamp and/or server infomiation. The software module also 
includes the number of digital postage stamps in the digital book of postage stamps. 
The software module is generated to be executable only on the PC that has initiated 
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the request for the x^tal book of postage stamps. This p^ronts the fraudulent 
copying of the software module for use on another PC. 

In the preferred embodiment of the present invention, the data center does 
not generate the graphical image of each digital stamp, but stores the information 

5 needed for the software module to generate the graphical image of the digital stamp 
at the PC when the digital stamp is printed. This embodiment is preferred because 
size of the software module is significantly smaller if the graphical images are 
generated at the PC, thus reducing the time needed to download the software 
module electronically. However, a viable, alternative embodiment is one in which the 

10 graphical image of each digital stamp is generated and made part of the software 
module by the data center. A more detailed description of the digital book of postage 
stamps, including the infomnation required to generate the stamps, is provided 
below. At step 230, the server in the data center sends the digital book of postage 
stamps to the requesting PC. 

15 Referring now to Fig. 3, the process is shown of a PC requesting, obtaining 

and using the digital book of postage stamps received from the data center. At step 
300, communications is established between a PC and a data center sen/er. When 
communications are established over the Internet, preferably a conventional secure 
channel such as SSL should be used. At step 310, a request is sent from the PC to 

20 the server for a selected number of digital postage stamps. At step 320, the PC 
provides to the server in the data center payment infomnation needed to conclude 
payment for the selected number of digital postage stamps. At step 330. the PC 
receives a digital book of postage stamps comprising a read-only software module 
that generates and prints each digital postage stamp using stamp related information 

25 contained within the software module. At step 340, the PC stores the digital book of 
postage stamps in the hard drive of the PC. At step 350, a user runs the software 
module on the PC to generate and print one of the digital postage stamps in the 
digital book of postage stamps. As noted above, in an alternative embodiment the 
graphical image of each digital postage stamp is stored as part of the software 

30 module, such that the software module does not generate the graphical image 
before printing. 

Referring now to Fig. 4, the prefen^ed embodiment is shown for the PC 
generating digital postage stamps from the digital book of postage stamps. At step 
400, the software module verifies before generating the book of digital postage 

9 
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Stamps that the si^Rure of the PC in which the software^rodule is running is 
identical to the PC signature that was stored in the software module when the 
software module was configured at the data center server. This verification provides 
a level of security, which prevents the software module, i.e. the digital book of 
5 postage stamps from being used on another computer. Once downloaded to a 
specific PC, the software module cannot be copied for use on another PC, thus 
preventing fraudulent copies from being distributed for repetitive printing of each of 
the digital stamps. 

One example of a PC signature is the Processor serial number (PSN) in the 

10 Pentium® III Processors manufactured by Intel Corporation of Santa Clara, 
California. The PSN feature is embedded into the chip during the manufacturing 
process of the Pentium® III processor. The PSN serves as an identifier for the 
processor, and. by association, its system. Like the serial numbers on many other 
electronic devices or products, except the PSN is implemented electronically, rather 

1 5 than being placed on the exterior of the product. Another example of a PC signature 
for a computer that has Ethernet interface standard equipment Is a unique ID called 
a "MAC address" and every piece of Ethernet hardware ever manufactured has been 
assigned one under the supervision of a standards organization. 

At step 410, if the signatures are not identical, then at step 420, the software 

20 module displays an appropriate message to the user and does not print the 
requested digital postage stamp. If the signatures are identical, then at step 430, the 
software module generates the digital postage stamp using the stamp data, user 
data and server data that stored within the software module. A more complete 
description of the stamp data, user data and server data is provided below. At step 

25 440, the software module initiates the printing of the digital postage stamp on a 
printer coupled to the PC. At step 450, the software module prevents duplicate 
printing of a digital postage stamp by making the data used in generating the digital 
postage stamps that is being printed, i.e., the stamp data, user data and server data, 
unusable for subsequent generations of digital postage stamps. At step 460, the 

30 software module detemiines if all postage stamps in the digital postage stamps have 
been printed. If all stamps have been printed, then at step 470, the software module 
notifies the user and uninstalls itself from the PC hard drive. 

Referring now to Fig. 5, a block diagram representative of a digital book of 
postage stamps is shown. The digital book of postage stamps comprises a software 

10 
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rare 510 that runs 



in only one PC to generate and print digital postage stamps using digital postage 
stamp data files stored within software module 500. For each digital postage stamp 
in the digital book of postage stamps, a digital postage stamp data file includes: 
5 stamp data 520, such as origin zip code of the PC, denomination of the digital 
postage stamp and date of request; user data 530, such as user identification 
number and PC signature information; server data 540, such as identification of the 
server that generated software module 500, status information of the server and a 
number corresponding to this postage stamp's sequential number of digital postage 

10 stamps generated by the sen/er; and a digital signature of the postage stamp 550. 
The digital signature of the postage stamp is generated at the data center using a 
cryptographic key to sign at least some of the postage stamp data 520-550. 
Preferably a private key of a public key pair, for example as used in the RSA public 
key algorithm. Finally, software module includes a number 560 that represents the 

15 number of unused stamps remaining in the book of stamps. This number 560 is 
decremented by software module 500 each time a stamp is printed by the software 
module. 

Referring now to Fig. 6. an alternative configuration of the digital book of 

postage stamps is shown. The digital book of postage stamps comprises a software 
20 module, generally designated 600, which includes application software 510 that runs 

in the PC to generate and print digital the graphical images 610-640 of the postage 

stamps as stored in the software module. 

Referring now to Fig. 7 a representative digital postage stamp 700 is shown. 

It can be seen that the digital includes a 2-D bar code 706. which is an encoded 
25 representation of the digital postage stamp data that was stored within software 

module 500 for stamp 700. The only human readable information shown in stamp 

700 is the date of printing 702. the value of stamp 700 and the identification that the 

postage is First Class U.S. postage. 



30 The first level of security is achieved by generating the software module to execute 
only on the requesting PC, i.e. the designated PC. This prevents copies being made 
for use on other PC's, which eliminates multiple copies of one digital book of postage 
stamps from being used on multiple PC's. The second level of security is achieved 
by having the software module destroy the stamp information needed for the module 



Thus far, the present invention has been described with two levels of security. 
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to generate the grapnical image of each digital postage stamp when the digital 
postage stamp is printed. For the altemative embodiment, the software module 
destroys the graphical Image that was pre-stored when the module was created. 
This prevents the designated PC printing multiple copies of each digital postage 



Further levels of security can be added to prevent any tampering by hackers. 
For example, the digital stamp software module is a read only module which includes 
self-detection of tampering whereby any changes to the module by external sources 
results in the module becoming inoperative and an alert message to the user that the 

10 unused portion of the book of stamps has been lost. Additionally, the software 
module can be saved on the hard drive of the PC as a hidden file to make it more 
difficult for the typical PC user to locate on the hard drive. 

A conventional password scheme may be used to prevent unauthorized 
access to the digital book of stamps. This provides security to user by preventing 

15 others using the PC from printing postage unless they know the user's password. 
This password may be provided to the data center when the request for the digital 
book of postage stamps is made, so that the password is embedded within the 
software module. Alternatively, the password can be established the first time the 
user prints a digital postage stamp. 

20 As with other digital printing of postage evidencing, the present invention is 

suitable for printing messages, such as ad slogans, with the digital postage stamps. 
The user can select one or more messages when the user connects to the data 
center web page for purchasing the digital books of postage stamps. The messages 
may be an optional value added feature offered with the digital book of postage 

25 stamps. If selected, a message is stored as part of the software module whereby the 
message. As an incentive for printing a message sponsored by another party, i.e., 
an ad slogan, the cost of purchasing the digital book of postage stamps may be 
subsidized by the third party. See for example, U.S. Patent Numbers 4,831,554, 
5,509,109 and 6,141,654 and U.S. Patent Application Serial Number 09/224,238, 

30 filed on December 30, 1998, all assigned to the assignee of the present invention. 
Altematively, the user may initiate the message from the user's PC and request that 
the data center add the message to the software module for printing with each digital 
postage stamp. 



5 stamp. 
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As with any^ethod for printing postage indicia, a^erification process 
necessary to prevent fraudulent printing or copying of the indicia. In the present 
invention, the verification process can be a simple as verifying the digital signature of 
the stamp as printed in the 2-D bar code. This level of verification authenticates the 
5 digital postage stamp as a valid stamp generated by an authorized data center. A 
further level of verification is desired to detect for duplicates. The greatest risk with 
any digitally printed indicia that is printed by a non-dedicated printer or by a 
dedicated printer with off-the-shelf inl<, for example not having florescent 
characteristics that are required for conventional electronic postage meter indicia. 
10 Any digitally printed indicium that is printed with ordinary ink is subject to duplicate 
fraud. For example, a valid indicium may be scanned into a computer and saved as 
a bitmap image that can later be used to print duplicate images of the indicium on 
other mailpieces. 

One way of detecting such duplication fraud is to audit the information 

15 contained within the digital postage stamp to verify that the stamp is being audited 
for only one time. Such an audit can be achieved by maintaining a database of all 
digital postage stamps audited for a period, such as a month. This audit process can 
be made more reliable by placing a time limit that the digital postage stamps may be 
printed. The time limit may be in the form of a date range, for example two weeks 

20 from the time of purchase, so that the period for maintaining the database is reliably 
reasonable. Another method for auditing for duplicates is to maintain a list of 
generated digital postage stamps by server. When a digital postage stamp is 
audited, the audit process compares the audited stamp to the list of stamps to verify 
that the stamp has not been audited more than once. Preferably, the comparison is 

25 limited to the sequential number of the digital postage stamp by server. 

The prefenred location for performing the audit is the mail induction point, i.e., 
where the mail enters the postal processing. For the sake of efficiency, the 
verification of the authenticity of the digital postage stamp can also take place at the 
induction point. Preferably, one scan can be used to both authenticate the digital 

30 postage stamp and audit for duplicates. The authenticity of the digital postage stamp 
is verified by verifying the digital signature contained within the 2-D bar code using 
known verification schemes. 

Finally, the verification process can be simplified by adding additional 
infomnation to the mailpiece when the digital postage stamp is printed. For example, 

13 
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addressee informati^^uch as destination postal code, can bantered by the user 
requesting the printing of the stamp. In accordance with the present invention, the 
software module, in addition to printing the digital postage stamp, signs or encrypts 
the concatenation of the postage stamps digital signature and the addressee 

5 information using a key stored within the software module to produce a second 
digital signature. For the preferred embodiment in which the software module 
generates the digital postage stamp in the PC, the software module can incorporate 
the second digital signature into the 2-D bar code portion of the digital postage 
stamp and include the addressee information in plain text on the mailpiece, e.g.. next 

10 to the digital postage stamp or as part of the digital postage stamp. In the alternative 
embodiment in which the digital postage stamp was generated at the data center 
and the software module merely prints the digital postage stamp, the software 
module prints the plain text and the signature or encryption thereof at some 
predetermined location on the mailpiece, such as next to the digital postage stamp. 

15 It will be understood that the addressee infomiation and the signature or encryption 
thereof may be printed in a bar code instead. In this manner, once the digital 
postage stamp is authenticated, the verification process verifies that the signature/ 
encryption of the addressee information corresponds the addressee infomiation in 
plain text. Adding such addressee information to the verification process reduces 

20 the need to check for duplicate printing of the digital postage stamp. 

While the present invention has been disclosed and described with reference 
to a single embodiment thereof, it will be apparent, as noted above that variations 
and modifications may be made therein. It is also noted that the present invention is 
independent of the machine being controlled, and is not limited to the control of 

25 inserting machines. It is, thus, intended in the following claims to cover each 
variation and modification that falls within the true spirit and scope of the present 
invention. 



Pentium® is a trademark of Intel Corporation 
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What is claimed is : 

1. A method for generating digital postage stamps, the method 
comprising the steps of: 

receiving a request from a first PC for a selected number of digital postage 
stamps; 

concluding a payment transaction for the selected number of digital postage 
stamps; 

generating a digital book of postage stamps, the digital book of postage 
stamps comprising a read-only software module that prints each digital postage 
stamp using stamp related information contained within the software module; and 

sending the digital book of postage stamps to the first PC. 

2. The method of claim 1 wherein the stamp related information 
comprises first information which is required for each postage stamp, second 
information which identifies the requestor and the first PC, third information which is 
unique to each digital postage stamp, and a first digital signature of at least some of 
the first, second and third information. 

3. The method of claim 2 wherein the first data includes origin zip code of 
the first PC, denomination of the digital postage stamp and date of request, the 
second data includes user identification number and PC signature information, and 
the third data includes identification of the server generating the digital postage 
stamps, status infonnation of the server and a number corresponding to a sequential 
number of digital postage stamps generated by the server. 

4. The method of claim 3 wherein the status infonnation of the server 
includes the status of an ascending register and descending register of the sen/er. 

5. The method of claim 1 wherein the steps of receiving and sending are 
performed over the Internet. 
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6. A method for buying and printing digital postage stamps through a PC, 
the method comprising the steps of: 

establishing communications between the PC and a data center server; 
sending a request from the PC to the server for a selected number of digital 
postage stamps; 

providing payment information needed to conclude payment for the selected 
number of digital postage stamps; 

receiving a digital book of postage stamps, the digital book of postage stamps 
comprising a read-only software module that prints each digital postage stamp using 
stamp related information contained within the software module; and 

storing the digital book of postage stamps in memory storage accessible to 
the PC. 

7. The method of claim 6 wherein the stamp related information 
comprises first data which is required for each postage stamp, second data which 
identifies the requestor and the PC, third data which is unique to each digital postage 
stamp and a first digital signature of at least some of the first, second and third 
information. 

8. The method of claim 7 wherein the first data includes origin zip code of 
the PC. denomination of the digital postage stamp and date of request, the second 
data includes user identification number and PC signature infonnation, and the third 
data includes identification of the generating the digital postage stamps, status 
information of the server and a number corresponding to a sequential number of 
digital postage stamps generated by the server. 

9. The method of claim 8 wherein the status information of the server 
includes the status of an ascending register and descending register of the server. 

10. The method of claim 6 wherein the step of establishing 
communications is perfomned over the Internet. 

1 1 . The method of claim 6 comprising the further step of: 
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running the software module on the PC to generate and print one of the digital 
postage stamps in the digital book of postage stamps. 



12. The method of claim 8 wherein the step of running the software module 
comprises the steps of: 

verifying before generating the digital postage stamp that the signature of the 
PC is identical to the PC signature that was stored in the software module when the 
software module was configured at the data center sen/er; 

generating the digital postage stamp using the first, second and third data 
associated with the digital postage stamp; 

printing the digital postage stamp on a printer coupled to the PC; and 

rendering the first, second and third data associated with the digital postage 
stamp unusable for subsequent generations of digital postage stamps. 

13. The method of claim 12 wherein the software module is uninstalled 
from the memory storage when all the digital postage stamps in the digital book of 
postage stamps have been printed. 

14. A product, comprising: 

a digital book of postage stamps software module; and 

executable code for a postage application within the digital book of postage 
stamps software module, wherein when read and executed the code for the postage 
application causes a programmable processor to perform the following steps: 

receiving a request for a first digital postage stamp from a non-postage 
application; 

in response to the request, verifying a user's password associated with the 
request; 

If the user's password is valid, obtaining from within the digital book of postage 
stamps software module, user, server and unique stamp data associated with the first 
digital postage stamp and a first digital signature of at least some of the user, sender 
and unique stamp data; and 

printing the first digital postage stamp. 
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15. The proouct as in claim 14, wherein the digital book of postage stamps 
software module is downloaded to a PC via Intemet communications. 



16. The product as in claim 15, wherein the digital book of postage stamps 
software module is stored on a storage disk. 

17. The product as in claim 16, wherein the storage disk comprises a hard 

disk. 

1 8. The product as in claim 14, wherein the step of printing comprises: 
generating an encoded representation of the digital postage stamp containing 

the user, server and unique stamp data and the first digital signature; and 

enabling a printing operation to use the encoded representation to drive an 
unsecured printer to print the digital postage stamp. 

1 9. The product as in claim 14, wherein the step of printing comprises: 
retrieving from the. software module a graphical image of the digital postage 

stamp; and 

enabling a printing operation to drive an unsecured printer to print the graphical 
image of the digital postage stamp. 

20. The product as in claim 19, wherein the application program interface 
comprises a dynamic link library. 

21. The product as in claim 14 wherein the user data includes origin zip 
code of the PC, denomination of the digital postage stamp, date of request, user 
identification number and PC signature information, and the serwer data includes 
identification of the server generating the digital postage stamps and status 
infonnation of the server, and the unique stamp data includes a number 
corresponding to a sequential number of digital postage stamps generated by the 
server. 

22. The method of claim 1 1 comprising the further step of: 
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generating a^^nd digital signature of addressee infoSrtion for a mailpiece 
on which the digital postage stamp is to be printed and printing the second digital 
signature when the digital postage stamp is printed. 



23 The method of claim 22 wherein the second digital signature is a digital 
signature of a concatenation of the first digital signature and addressee information for 
the mailpiece. 

24. The product as in claim 14 wherein the executable code when read and 
executed causes a programmable processor to perfonn the further following steps: 

generating a second digital signature of addressee infomiation for a mailpiece 
on which the digital postage stamp is to be printed and printing the second digital 
signature when the digital postage stamp is printed. 

25. The product as in claim 24 wherein the second digital signature is a 
digital signature of a concatenation of the first digital signature and addressee 
information for the mailpiece. 
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